WFS-Serv 0 Posted November 22, 2015 Hello fellas I haven't been on for a long while, I think my account expired (WFS) so I have had to setup a new account. I noticed nothing much has been mentioned on the forum in regards to DVR hacking so I thought I would post a warning. I have started finding cases of people being locked out of there DVRs/NVRs etc. In all but 1 cases the default passwords had not been changed on installation. I went on a callout this Friday to a system (installed by others) where the customers DVR was in his words 'playing up'. The system was 9 months old, but they could not get the original installer to return to fix the problem The DVR, a Qvis 16 Channel iApollo HDRT Pro, wasn't displaying any analogue video on the main screen and the user accounts and admin account were all locked out. I first rebooted the DVR, the system was still in the same state, no video. The customer advised us the passwords were never changed from default so Admin had the password 'admin', User had the password 'user' etc. We tried to log into the system but all passwords entered were rejected. It was quite apparent at this point that the system had been tampered with. Lucky for us, we spoke to the manufacturer Qvis and after sending in our proofs and the serial number of the DVR, they provided us with a override code. We entered the override code into the system and it got us into the system menu. First we changed all the account passwords to make the system safe, then I did some digging. All the Analogue encode channels had been disabled, the recording schedule had been changed to Manual Stop and most of the Network Services had been disabled. Luckily this system keeps a number of Logs, firstly a system log which reports user login/logout and all user activity, then a network log of all devices logging into the system remotely with their IP address and the duration of time the device was logged in for. I could see on the 30th October at 04:36 an external device logged into the admin account with a IP address from Latvia. at 04:38 all account passwords where changed at 04:42 the encode settings, recording schedule and net services were changed After that, the same IP logged into the system on 11 more occasions over 3 days, downloading footage from the HDD and on the last visit, they formatted the HDD. After my investigation work, I defaulted the DVR to factory settings and reprogrammed it back up with new secure passwords for all accounts. So, If you have a DVR that is connected to a network, Change the default passwords!! Not all DVRs have override codes or reset procedures, this customer was lucky Dan Share this post Link to post Share on other sites